101
0/240
Loading content...
The journey from a cold, powered-off diskless workstation to a fully operational system with a login prompt is a remarkable orchestration of protocols, each dependent on the successful completion of those before it. This process, refined over decades of networked computing, represents one of the most elegant applications of the layered protocol approach.
A diskless workstation has no local storage—no hard drive, no SSD, no flash memory for the operating system. Everything it needs must come from the network. Yet within 15-60 seconds of power-on, the screen displays a login prompt, the keyboard responds, and the user can begin working. How does this transformation occur?
This page traces the complete bootstrap pathway, from the initial electrical pulse through the network cable to the execution of the first user-space process.
By the end of this page, you will understand the complete boot sequence from power-on to operating system, the role of each protocol (BOOTP/DHCP, TFTP, NFS) in the process, how Boot ROMs are structured and execute, the kernel loading and initialization sequence, and common failure points and troubleshooting approaches for each phase.
The bootstrap process begins in hardware. Every network-bootable system contains a Boot ROM (also called a Boot PROM, Option ROM, or PXE ROM)—a small piece of persistent memory containing just enough code to initiate the network boot process.
Physical Implementation:
| Era | Technology | Typical Size | Reprogrammability |
|---|---|---|---|
| 1980s | PROM | 8-32 KB | None (fused) |
| 1990s | EPROM | 32-128 KB | UV erasable |
| 2000s | Flash | 128-512 KB | Electrically programmable |
| Modern | Integrated | 1-4 MB | Firmware update via software |
Boot ROM Contents:
Protocol Stack in Boot ROM:
A typical Boot ROM includes minimal implementations of:
+-------------------+
| Boot Logic | <- Orchestrates the boot process
+-------------------+
| TFTP Client | <- Downloads boot image
+-------------------+
| BOOTP/DHCP | <- Obtains IP configuration
+-------------------+
| UDP | <- Transport for BOOTP/TFTP
+-------------------+
| IP | <- Network layer
+-------------------+
| ARP | <- Address resolution
+-------------------+
| Ethernet Driver | <- NIC-specific driver
+-------------------+
| Hardware Init | <- NIC initialization
+-------------------+
Constraints on Boot ROM Code:
| Constraint | Implication |
|---|---|
| Minimal RAM | Cannot buffer large amounts of data |
| No disk | Cannot save state or cache anything |
| Simple CPU | No complex algorithms or crypto |
| Limited ROM size | Must be extremely efficient |
| No OS services | All code must be self-contained |
Preboot eXecution Environment (PXE), standardized by Intel, is the modern evolution of network boot ROMs. PXE standardizes the boot process, defines a specific API for boot loaders, and is integrated into virtually all modern x86 network interfaces and BIOS/UEFI firmware. When you enable 'Network Boot' in a modern system's BIOS, you're activating PXE.
The first network task is obtaining an IP address and boot configuration. This phase uses BOOTP (or DHCP in modern environments) to transform the workstation from 'knows nothing' to 'knows enough to download its operating system.'
Pre-BOOTP State:
BOOTP Request/Reply Exchange:
=== BOOTP Exchange (Captured with Wireshark) === Frame 1: BOOTREQUEST----------------------------------------Ethernet II Destination: ff:ff:ff:ff:ff:ff (Broadcast) Source: 00:1a:2b:3c:4d:5e Type: IPv4 (0x0800)Internet Protocol Version 4 Source: 0.0.0.0 Destination: 255.255.255.255User Datagram Protocol Source Port: 68 Destination Port: 67Bootstrap Protocol (Request) Message type: Boot Request (1) Hardware type: Ethernet (0x01) Hardware address length: 6 Hops: 0 Transaction ID: 0x12345678 Seconds elapsed: 0 Flags: 0x8000 (Broadcast) Client IP address: 0.0.0.0 Your (client) IP address: 0.0.0.0 Next server IP address: 0.0.0.0 Relay agent IP address: 0.0.0.0 Client MAC address: 00:1a:2b:3c:4d:5e Server host name: (empty) Boot file name: (empty) Magic cookie: DHCP (0x63825363) Frame 2: BOOTREPLY----------------------------------------Ethernet II Destination: 00:1a:2b:3c:4d:5e Source: 00:aa:bb:cc:dd:eeInternet Protocol Version 4 Source: 192.168.1.1 Destination: 192.168.1.100Bootstrap Protocol (Reply) Message type: Boot Reply (2) Transaction ID: 0x12345678 Your (client) IP address: 192.168.1.100 Next server IP address: 192.168.1.1 Client MAC address: 00:1a:2b:3c:4d:5e Boot file name: /tftpboot/pxelinux.0 Magic cookie: DHCP Option 1: Subnet Mask (255.255.255.0) Option 3: Router (192.168.1.1) Option 6: DNS (8.8.8.8) Option 255: EndPost-BOOTP State:
After a successful BOOTP exchange, the client now knows:
| Information | Source | Example Value |
|---|---|---|
| IP Address | yiaddr | 192.168.1.100 |
| Subnet Mask | Option 1 | 255.255.255.0 |
| Default Gateway | Option 3 | 192.168.1.1 |
| TFTP Server | siaddr | 192.168.1.1 |
| Boot Filename | file | /tftpboot/pxelinux.0 |
| DNS Server | Option 6 | 8.8.8.8 |
Address Configuration:
The Boot ROM configures the minimal IP stack:
With this configuration, the workstation can now communicate with the TFTP server to download its boot image.
The IP stack in a Boot ROM is intentionally minimal. It typically supports only UDP (not TCP), limited ARP cache, no IP fragmentation/reassembly, and no advanced routing. These limitations constrain what can be done during boot—TFTP's simplicity (UDP-based, 512-byte blocks) makes it ideal for this environment.
With address configuration complete, the next phase is downloading the boot image using TFTP (Trivial File Transfer Protocol). TFTP was designed specifically for this use case—it's simple enough to implement in a Boot ROM while capable of transferring multi-megabyte files.
Why TFTP, Not FTP or HTTP?
| Protocol | Size | Transport | Authentication | Boot ROM Suitable? |
|---|---|---|---|---|
| TFTP | ~500 bytes | UDP | None | ✓ Yes |
| FTP | ~10 KB | TCP | Optional | ✗ No (too complex) |
| HTTP | ~5 KB | TCP | Various | ✗ No (TCP required) |
| NFS | ~2 KB | UDP/TCP | Various | ✓ Sometimes used |
TFTP Operation:
TFTP uses a simple read request / data / acknowledgment pattern:
TFTP Packet Types:
| Opcode | Type | Purpose |
|---|---|---|
| 1 | RRQ | Read Request - request file download |
| 2 | WRQ | Write Request - request file upload |
| 3 | DATA | Data block with sequence number |
| 4 | ACK | Acknowledgment of data block |
| 5 | ERROR | Error notification |
Transfer Time Calculation:
For a 4 MB boot image on a 100 Mbps network:
File size: 4 MB = 4,194,304 bytes
Block size: 512 bytes
Number of blocks: 4,194,304 / 512 = 8,192 blocks
Per-block transfer (100 Mbps):
- Data packet: 512 bytes = ~41 microseconds
- ACK packet: ~20 bytes = ~1.6 microseconds
- Round-trip latency: ~1 millisecond (typical LAN)
- Per-block time: ~1-2 milliseconds
Total transfer time: 8,192 × 2 ms ≈ 16 seconds
With modern optimizations (TFTP options):
- Block size: 1428 bytes (max without fragmentation)
- Number of blocks: ~2,937
- Transfer time: ~6 seconds
TFTP Options (RFC 2347, 2348, 2349):
| Option | Purpose | Improvement |
|---|---|---|
| blksize | Larger block size | Fewer round-trips |
| tsize | Transfer size | Client can allocate memory |
| timeout | Retry timeout | Adaptive to network |
| windowsize | Multiple blocks before ACK | Pipelining |
Modern PXE boot often uses a two-stage process: First, a small boot loader (like pxelinux.0 at ~40KB) is downloaded. This boot loader has a richer user interface and can parse configuration files, display menus, and then download the actual kernel and initramfs. This approach provides flexibility without requiring complex Boot ROM code.
Boot Image Types:
| Platform | Boot Image | Typical Size |
|---|---|---|
| x86 BIOS/PXE | pxelinux.0 | 40 KB (loader) |
| x86 UEFI | grubx64.efi | 500 KB (loader) |
| Sun SPARC | kernel (vmlinuz) | 2-5 MB |
| ARM | uImage/zImage | 2-10 MB |
| Any (with initrd) | initramfs | 5-50 MB |
Memory Loading:
As blocks arrive, the Boot ROM loads them into specific memory locations:
Memory Layout (x86 example):
+------------------+ 0x00000000
| Interrupt Table |
+------------------+ 0x00000400
| BIOS Data Area |
+------------------+ 0x00000500
| Free (boot image)| <- TFTP data loaded here
+------------------+ 0x0007FFFF
| ... |
+------------------+ 0x00100000
| Extended Memory | <- Large images loaded here
+------------------+
Once the boot image is loaded into memory, the Boot ROM transfers control to it. This marks a transition from the simple, constrained Boot ROM environment to a more capable boot loader that can download additional files and present configuration options.
The Boot Handoff:
Boot ROM execution flow:
1. Download boot image via TFTP
2. Verify image integrity (checksum if supported)
3. Set up execution environment
4. Jump to boot image entry point
5. Boot ROM code no longer executes
Information Passed to Boot Loader:
The Boot ROM typically communicates configuration to the boot loader via:
| Method | Information | Usage |
|---|---|---|
| Registers | Entry point, memory map | CPU-specific |
| Memory structures | Network config, hardware info | PXE API |
| Environment variables | Boot parameters | Some platforms |
Common Network Boot Loaders:
PXELINUX (Syslinux project):
GRUB2 (for UEFI):
iPXE (Enhanced PXE):
1234567891011121314151617181920212223242526
# /tftpboot/pxelinux.cfg/default# PXE Boot Menu Configuration DEFAULT menu.c32PROMPT 0TIMEOUT 100MENU TITLE Network Boot Menu LABEL linux MENU LABEL ^Linux (Ubuntu 22.04) KERNEL ubuntu/vmlinuz APPEND initrd=ubuntu/initrd.img ip=dhcp root=/dev/nfs nfsroot=192.168.1.1:/export/ubuntu rw LABEL centos MENU LABEL ^CentOS Stream 9 KERNEL centos/vmlinuz APPEND initrd=centos/initrd.img ip=dhcp inst.repo=http://192.168.1.1/centos LABEL localboot MENU LABEL Boot from local ^disk LOCALBOOT 0 LABEL rescue MENU LABEL ^Rescue Environment KERNEL rescue/vmlinuz APPEND initrd=rescue/initrd.img ip=dhcp rescuePXELINUX searches for configuration files in a specific order: (1) by client's UUID, (2) by MAC address (prefixed with 01-), (3) by IP address in hex (progressively shorter), and finally (4) 'default'. This allows per-machine configurations while providing fallbacks. For MAC 00:1A:2B:3C:4D:5E, it looks for 01-00-1a-2b-3c-4d-5e first.
Boot Loader Tasks:
When the boot loader transfers control to the kernel, a new phase begins. The kernel must initialize the system, configure networking, and mount its root filesystem—all without any local storage.
Kernel Boot Parameters for Network Boot:
vmlinuz initrd=initrd.img ip=dhcp root=/dev/nfs
nfsroot=192.168.1.1:/export/client1 rw
Parameter Reference:
| Parameter | Purpose | Example |
|---|---|---|
| ip=dhcp | Use DHCP for IP configuration | ip=dhcp |
| ip=static | Static IP configuration | ip=192.168.1.100::192.168.1.1:255.255.255.0:host:eth0:off |
| root=/dev/nfs | Root filesystem is NFS | root=/dev/nfs |
| nfsroot= | NFS server and path | nfsroot=192.168.1.1:/export/root |
| rw / ro | Mount read-write or read-only | rw |
| init= | Alternative init program | init=/bin/bash |
Kernel Initialization Sequence:
The Initramfs Role:
For network boot, the initramfs (initial RAM filesystem) is critical. It contains:
Initramfs contents (simplified):
/
├── bin/
│ ├── busybox
│ └── sh -> busybox
├── etc/
├── init (initialization script)
├── lib/
│ └── modules/ (network driver .ko files)
├── proc/
├── sys/
└── sbin/
└── mount.nfs
On modern Linux systems, Dracut generates initramfs images. For network boot, include the network modules: 'dracut --add network --add nfs' generates an initramfs with NFS root support. The dracut-network module handles IP configuration, and the nfs module provides NFS mount capabilities during early boot.
NFS Root Mount:
The kernel (via initramfs) mounts the NFS-exported root filesystem:
mount -t nfs -o vers=4,rw 192.168.1.1:/export/client1 /sysroot
NFS Export Configuration (Server Side):
# /etc/exports on NFS server
/export/client1 192.168.1.100(rw,sync,no_root_squash,no_subtree_check)
/export/client2 192.168.1.101(rw,sync,no_root_squash,no_subtree_check)
/export/shared 192.168.1.0/24(ro,sync,no_subtree_check)
Critical Export Options:
| Option | Purpose |
|---|---|
| rw | Read-write access |
| no_root_squash | Allow root operations (needed for boot) |
| sync | Synchronous writes for safety |
| no_subtree_check | Performance optimization |
Let's trace through a complete network boot with realistic timings. This timeline assumes a modern 1 Gbps network with optimized configurations.
| Time | Phase | Activity | Duration |
|---|---|---|---|
| T+0.0s | Power-on | Hardware POST begins | 1-3 seconds |
| T+3.0s | Boot ROM | NIC initialization | 0.5 seconds |
| T+3.5s | DHCP/BOOTP | Broadcast request | < 100 ms |
| T+3.6s | DHCP/BOOTP | Receive reply | < 100 ms |
| T+3.7s | TFTP | Request boot loader | < 100 ms |
| T+4.0s | TFTP | Download boot loader (40KB) | < 500 ms |
| T+4.5s | Boot Loader | Parse configuration | < 500 ms |
| T+5.0s | TFTP | Download kernel (5MB) | 1-2 seconds |
| T+7.0s | TFTP | Download initramfs (30MB) | 3-5 seconds |
| T+12.0s | Kernel | Kernel starts, hardware init | 2-3 seconds |
| T+15.0s | Kernel | Network reconfiguration | 1 second |
| T+16.0s | NFS | Mount root filesystem | 1-2 seconds |
| T+18.0s | Init | System initialization | 5-15 seconds |
| T+30.0s | Complete | Login prompt |
Factors Affecting Boot Time:
| Factor | Impact | Optimization |
|---|---|---|
| Network speed | File transfer time | Use 1 Gbps or faster |
| Switch port config | STP delay at boot | Enable PortFast |
| DHCP server speed | Address acquisition | Use fast server, local |
| Boot image size | Download time | Minimize initramfs |
| NFS server latency | Root mount time | Use local NFS server |
| Init system | Startup services | Disable unnecessary services |
Common Bottlenecks:
The most common cause of 'slow network boot' is Spanning Tree Protocol. When a switch port transitions from blocking to forwarding, it goes through Listening (15s) and Learning (15s) states. PortFast skips these states for edge ports. Without PortFast, expect 30+ seconds of delay before any network traffic flows—the client appears hung with no NIC activity.
Network boot involves multiple components that must all work correctly. Systematic troubleshooting identifies the failing phase.
Failure Point Identification:
| Symptom | Likely Phase | Diagnostic Steps |
|---|---|---|
| No NIC activity LED | Hardware/Boot ROM | Check NIC, reseat card, verify ROM enabled |
| NIC blinks but no IP | DHCP/BOOTP | Verify DHCP server, check VLAN, capture traffic |
| IP acquired but TFTP fails | TFTP | Check TFTP server, verify filename, test manually |
| Boot loader error | Boot Loader | Check config file syntax, verify kernel path |
| Kernel panic | Kernel | Check kernel parameters, verify initramfs |
| NFS mount fails | NFS | Verify exports, check permissions, test mount |
Diagnostic Tools:
1. Packet Capture (Wireshark/tcpdump):
# Capture all BOOTP/DHCP and TFTP traffic
tcpdump -i eth0 -w boot-capture.pcap
'port 67 or port 68 or port 69'
2. TFTP Testing:
# Manual TFTP test from another machine
tftp 192.168.1.1
> get /tftpboot/pxelinux.0
> quit
3. NFS Testing:
# Check NFS exports
showmount -e 192.168.1.1
# Test mount
mount -t nfs 192.168.1.1:/export/root /mnt/test
4. DHCP Server Logs:
# ISC DHCP server logs
journalctl -u isc-dhcp-server -f
# Check for lease assignments
cat /var/lib/dhcp/dhcpd.leases
We have traced the complete journey from power-on to operating system. Let's consolidate the key phases and concepts:
What's Next:
In the final page of this module, we will explore the historical context and evolution of bootstrap protocols—from RARP through BOOTP to modern DHCP. Understanding this evolution illuminates why protocols work the way they do and provides insight into the design decisions that shaped modern network auto-configuration.
You now understand the complete network bootstrap process from power-on to login prompt. You can trace data flow through each phase, identify common failure points, and apply systematic troubleshooting techniques. This knowledge is essential for deploying and maintaining diskless systems, thin clients, and modern infrastructure automation.